[jira] [Created] (HDFS-16756) RBF proxies the client's user by the login user to enable CacheEntry

ZanderXu (Jira) Mon, 05 Sep 2022 05:49:30 -0700

ZanderXu created HDFS-16756:
-------------------------------

             Summary: RBF proxies the client's user by the login user to enable 
CacheEntry
                 Key: HDFS-16756
                 URL: https://issues.apache.org/jira/browse/HDFS-16756
             Project: Hadoop HDFS
          Issue Type: Bug
            Reporter: ZanderXu
            Assignee: ZanderXu



RBF just proxies the client's user by the login user for Kerberos 
authentication. If the cluster uses the SIMPLE authentication method, the RBF 
will not proxies the client's user by the login user, the downstream namespace 
will not use the real clientIp, clientPort, clientId and callId even if the 
namenode configured dfs.namenode.ip-proxy-users.

 

And the related code as bellow:
{code:java}
UserGroupInformation connUGI = ugi;
if (UserGroupInformation.isSecurityEnabled()) {
  UserGroupInformation routerUser = UserGroupInformation.getLoginUser();
  connUGI = UserGroupInformation.createProxyUser(
      ugi.getUserName(), routerUser);
} {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-dev-h...@hadoop.apache.org

[jira] [Created] (HDFS-16756) RBF proxies the client's user by the login user to enable CacheEntry

Reply via email to